Retailers ‘playing a dangerous game’

Wednesday 18 September 2013 - Editorial Assistant

A quarter of UK retailers are allowing employees to use personal devices on company networks without any formal policies in place, posing a huge risk to their IT security, a survey has claimed.

50 per cent of retailers let staff use personal devices at work, yet just 25 per cent had a formal bring-your-own-device (BYOD) policy in place to govern the likes of security and correct usage, says the survey from Instrinsic Technology.

The research, which surveyed Chief information officers (CIOs) of retailers with over 1000 employees, found that employees could easily take sensitive data when they move on unless strict rules are in place.

“Retailers are seeing the benefits of allowing employees to use their own devices, with increased productivity and cost reduction both appealing. However, if security isn’t formalised then businesses are playing a dangerous game,” said Steve Browell, CTO at Intrinsic Technology.

“Internal IT departments have much less control over employee-owned devices, so cannot guarantee they have the latest security measures installed. Employee-owned devices are more likely to be exposed to malware and viruses outside work hours, which can then in turn access the corporate network and infect critical information.

“They also contain corporate information which is not always adequately protected leading to data loss if the device is lost or stolen.”

Formal BYOD policies also cover scenarios such as what happens to devices and data when employees leave the company. These policies can also protect against the dangers associated with device loss through remote data wiping services and agreements.

The mobile revolution is gaining momentum, with the research also revealing that 40 per cent of retail CIOs believe that buying desktops will become obsolete within four years.

Mr Browell continued: “Retailers shouldn¹t shy away from reaping the rewards of employees using their own devices, but security must come first. A well-designed BYOD policy, and a clearly articulated guide on how own devices should be used, can limit the risks and put the power back in the hands of the company.”